Syntax
display mirroring-group { group-id | all | local | remote-destination
| remote-source }
View
Any view
Parameter
group-id: Group
number of a port mirroring group, in the range of 1 to 20.
local: Specifies
to display the parameter settings of local port mirroring groups.
remote-destination: Specifies to display the parameter settings of the destination
groups for remote mirroring.
remote-source: Specifies to display the parameter settings of the source groups
for remote mirroring.
all: Specifies
to display the parameter settings of all mirroring groups.
Description
Use the display mirroring-group command
to display the parameter settings of a port mirroring group.
Local mirroring group information includes:
l
Group number
l
Group type: local
l
Group status
l
Information of the source port
l
Information of the destination port
Information of the destination mirroring
group for remote mirroring includes:
l
Group number
l
Group type: remote-destination
l
Group status
l
Information of the destination port
l
Remote-probe VLAN information
Information of the source mirroring group for
remote mirroring includes:
l
Group number
l
Group type: remote-source
l
Group status
l
Information of the source port
l
Information of the reflector port
l
Remote-probe VLAN information
Example
# Display the parameter settings of a port mirroring
group.
<H3C> display mirroring-group all
mirroring-group 2:
type: local
status: active
mirroring port:
GigabitEthernet1/1/1 both
monitor port: GigabitEthernet1/1/4
Syntax
display qos-interface { interface-type interface-number | unit-id } mirrored-to
View
Any view
Parameter
interface-type interface-number: port of a switch. If you specify this argument, the switch will
display the parameter settings of the specified port.
unit-id: Unit
ID. If you specify this argument, the switch will display the parameter
settings of the specified unit.
Description
Use the display qos-interface
mirrored-to command to display the parameter settings of traffic mirroring.
Information displayed includes:
l
Port and action name of traffic mirroring
l
Direction of traffic mirroring
l
ACL for identifying traffics
l
Destination port
Related command: mirrored-to
Example
# Display the parameter settings of traffic
mirroring on Gigabitethernet1/1/1.
<H3C> display qos-interface GigabitEthernet 1/1/1 mirrored-to
GigabitEthernet1/1/1: mirrored-to
Inbound:
Matches: Acl 2000 rule 0 running
Mirrored to: monitor interface
Syntax
mirrored-to { inbound | outbound } acl-rule { monitor-interface
| cpu }
undo mirrored-to { inbound | outbound } acl-rule
View
Ethernet port view
Parameter
inbound: Specifies
to mirror packets received by the port.
outbound: Specifies
to mirror packets sent by the port.
acl-rule:
Applied ACL rules, which can be the combination of different types of ACL
rules. Table 1-1 describes the combined-ACL applications.
Table 1-1 Combined
application of ACLs
|
Combination mode
|
Form of acl-rule
|
|
Apply all sub-rules in an IP type ACL (either
a basic or an advanced ACL) separately
|
ip-group acl-number
|
|
Apply one sub-rule in an IP type ACL
separately
|
ip-group acl-number
rule rule-id
|
|
Apply all sub-rules in a Layer 2 ACL
separately
|
link-group
acl-number
|
|
Apply one sub-rule in a Layer 2 ACL
separately
|
link-group
acl-number rule rule-id
|
|
Apply one sub-rule in a user-defined ACL
separately
|
user-group acl-number
|
|
Apply all sub-rules in a user-defined ACL
separately
|
user-group acl-number rule rule-id
|
|
Apply one sub-rule
in an IP type ACL and one rule in a Layer 2 ACL simultaneously
|
ip-group
acl-number rule
rule-id link-group acl-number rule rule-id
|
ip-group acl-number: Sequence number of a basic or advanced ACL, in the range 2000 to
3999.
link-group acl-number: Sequence number of a Layer 2
ACL, in the range 4000 to 4999.
user-group acl-number: Sequence number of a user-defined
ACL, in the range 5000 to 5999.
rule rule-id: Sequence number of an ACL sub-rule, in the range 0 to 65534. If
this argument is not specified, all sub-rules in the specified ACL will be
applied.
monitor-interface: Specifies to mirror traffics to the destination port.
cpu: Specifies
to mirror the data traffics to the CPU.
Description
Use the mirrored-to command to invoke
ACLs for identifying traffics and perform traffic mirroring for the packets
matching the ACLs.
Use the undo mirrored-to command to
remove traffic mirroring configuration.
This command applies to matching the sub-rules
whose actions are permit in the specified ACL.
LACP and STP must be disabled on the
destination port. Traffic mirroring does not support aggregated synchronization
and configuration copy.
Mirroring configuration takes effect only
after a source port and a destination port are specified.
Related command: display qos-interface
mirrored-to, monitor-port
Example
# Mirror packets that match ACL 2000 on
port GigabitEthernet1/1/1 to GigabitEthernet1/1/4 through traffic mirroring.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface GigabitEthernet1/1/4
[H3C-GigabitEthernet1/1/4]
monitor-port
[H3C-GigabitEthernet1/1/4] quit
[H3C] interface GigabitEthernet1/1/1
[H3C-GigabitEthernet1/1/1] mirrored-to
inbound ip-group 2000 monitor-interface
Syntax
mirroring-group group-id { local | remote-destination
| remote-source }
undo mirroring-group { group-id | all | local | remote-destination
| remote-source }
View
System view
Parameter
group-id: The
number of a port mirroring group, in the range 1 to 20.
local: Specifies
the mirroring group as a local port mirroring group.
remote-destination: Specifies the mirroring group as the destination mirroring group for
remote port mirroring.
remote-source: Specifies the mirroring group as the source mirroring group for
remote mirroring.
all: Specifies
to remove all mirroring groups.
Description
Use the mirroring-group command to
configure a port mirroring group.
Use the undo mirroring-group command
to remove a port mirroring group.
Example
# Configure a port mirroring group on the
local switch.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] mirroring-group 1 local
Syntax
mirroring-group group-id mirroring-port mirroring-port-list { both | inbound | outbound }
undo mirroring-group group-id mirroring-port mirroring-port-list
View
System view/Ethernet port view
Parameter
group-id: The
number of a port mirroring group, in the range 1 to 20.
mirroring-port mirroring-port-list: Specifies a list
of source ports. mirroring-port-list is available in system view only, instead
of in Ethernet port view.
both: Specifies
to mirror the packets received and sent by the port.
inbound: Specifies
to mirror the packets received by the port.
outbound: Specifies
to mirror the packets sent by the port.
Description
Use the mirroring-group mirroring-port
command to configure the source port.
Use the undo mirroring-group mirroring-port
command to remove the configuration of the source port.
Example
# Configure GigabitEthernet1/1/1 as the
source port and mirror all packets received by this port.
<H3C>
system-view
System View: return to User View with
Ctrl+Z.
[H3C] mirroring-group 1 mirroring-port
Gigabitethernet1/1/1 inbound
Syntax
mirroring-group group-id monitor-port monitor-port
undo mirroring-group group-id monitor-port monitor-port
View
System view/Ethernet port view
Parameter
group-id: The
number of a port mirroring group, in the range 1 to 20.
monitor-port monitor-port: Specifies the destination
port for port mirroring. monitor-port is available in system view only, instead
of in Ethernet port view.
Description
Use the mirroring-group monitor-port
command to configure the destination port.
Use the undo mirroring-group
monitor-port to remove the configuration of the destination port.
Note the following when you configure the
destination port:
l
LACP and STP must be disabled on the destination
port.
l
The destination port for remote mirroring must
be an Access port.
l
After a port is configured as a reflector port,
the switch does not allow you to change the port type or its default VLAN ID.
Example
# Configure GigabitEthernet1/1/4 as the source
port
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] mirroring-group 1 monitor-port
Gigabitethernet1/1/4
Syntax
mirroring-group group-id reflector-port reflector-port
undo mirroring-group group-id reflector-port reflector-port
View
System view/Ethernet port view
Parameter
group-id: The
number of a port mirroring group, in the range 1 to 20.
reflector-port reflector-port: Specifies the reflector
port. reflector-port is available in system view only, instead of in Ethernet
port view.
Description
Use the mirroring-group reflector-port
command to specify the reflector port.
Use the undo mirroring-group reflector-port
command to remove the configuration of the reflector port..
Note the following when you configure the
reflector port:
l
The reflector port must be an Access port.
l
LACP and STP must be disabled on the reflector
port.
l
After a port is configured as a reflector port,
the switch does not allow you to change the port type or its default VLAN ID,
or to add it to another VLAN.
Example
# Configure GigabitEthernet1/1/2 as the
reflector port.
<H3C>
system-view
System View: return to User View with
Ctrl+Z.
[H3C] mirroring-group 1
reflector-port GigabitEthernet1/1/2
Syntax
mirroring-group group-id remote-probe vlan remote-probe-vlan-id
undo mirroring-group group-id remote-probe vlan remote-probe-vlan-id
View
System view
Parameter
group-id: The
number of a port mirroring group, in the range 1 to 20.
remote-probe vlan remote-probe-vlan-id: Specifies
the remote-probe VLAN for the mirroring group.
Description
Use the mirroring-group remote-probe
vlan command to specify the remote-probe VLAN for a mirroring group.
Use the undo mirroring-group
remote-probe vlan command to remove the configuration of remote-probe VLAN
for a mirroring group.
Example
# Configure VLAN 100 as the remote-probe
VLAN.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] mirroring-group 1 remote-probe
vlan 100
Syntax
mirroring-port { inbound | outbound | both }
undo mirroring-port
View
Ethernet port view
Parameter
inbound | outbound
| both: Direction of mirrored packets. inbound means only to
mirror the packets received by the port; outbound means only to mirror
the packets sent by the port; both means only to mirror all packets
received and sent by the port.
Description
Use the mirroring-port command to
configure the source port.
Use the undo mirroring-port command
to remove the configuration of the source port.
Related command: display mirroring-group
Example
# Configure GigabitEthernet1/1/1 as the
source port and mirror all packets received and sent by this port.
<H3C>
system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface GigabitEthernet1/1/1
[H3C-GigabitEthernet1/1/1] mirroring-port
both
Syntax
monitor-port
undo monitor-port
View
Ethernet port view
Parameter
None
Description
Use the monitor-port command to
configure the destination port.
Use the undo monitor-port command to
remove the configuration of the destination port.
You can only configure one destination port
on a switch, and all mirrored packets will be sent to the destination port.
Related command: display mirroring-group
Example
# Configure GigabitEthernet1/1/4 as the
destination port.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface GigabitEthernet1/1/4
[H3C-GigabitEthernet1/1/4]
monitor-port
Syntax
remote-probe
vlan enable
undo remote-probe vlan enable
View
VLAN view
Parameter
None
Description
Use the remote-probe vlan enable
command to configure the current VLAN as the remote-probe VLAN.
After this command is executed, the system
first checks whether the current VLAN is a dynamic VLAN. If yes, the command
will fail, and the system prompts “Can not set dynamic VLAN as
remote-probe VLAN!”.
Use the undo remote-probe vlan enable command
to configure the remote-probe VLAN as a normal VLAN.
Before defining the remote-probe VLAN, make
sure that no Access or Hybrid port belongs to this VLAN. If any Trunk port
exists in this VLAN, the port PVID cannot be the ID of remote-probe VLAN. After
setting a VLAN as remote-probe VLAN, it is recommended not to add Access or
Hybrid port to the VLAN.
Example
# Configure VLAN 5 as remote-probe vlan.
<H3C>
system-view
System View: return to User View with
Ctrl+Z.
[H3C] vlan 5
[H3C-vlan5] remote-probe vlan enable
Syntax
display mirror
View
Any view
Parameter
None
Description
Use the display mirror to display
the port mirroring settings, including the destination port, source port and
mirroring direction.
Example
# Display the port mirroring settings.
<H3C> display
mirror
Monitor-port:
Ethernet1/0/1
Mirroring-port:
Ethernet1/0/2 both
Syntax
display qos-interface { interface-type interface-number | unit-id } mirrored-to
View
Any view
Parameter
interface-type interface-number: Port of the switch. If you specify this argument, the switch will
display the parameter settings of the specified port.
unit-id:
Unit ID. If you specify this argument, the switch will display the parameter
settings on the specified unit.
Description
Use the display qos-interface
mirrored-to command to display the parameter settings of traffic mirroring.
Information displayed includes:
l
Port and action name of traffic mirroring
l
Direction of traffic mirroring
l
ACL for identifying traffics
l
Destination port
Related command: mirrored-to
Example
# Display the parameter settings of traffic
mirroring on Gigabitethernet1/1/1.
<H3C> display
qos-interface GigabitEthernet 1/1/1 mirrored-to
GigabitEthernet1/1/1: mirrored-to
Inbound:
Matches: Acl 2000 rule 0 running
Mirrored to: monitor interface
Syntax
mirrored-to { inbound | outbound } acl-rule { monitor-interface
| cpu }
undo mirrored-to inbound acl-rule
View
Ethernet port view
Parameter
inbound: Specifies
to mirror the packets received by the port.
outbound: Specifies
to mirror the packets sent by the port.
acl-rule:
Applied ACL rules, which can be the combination of different types of ACL sub-rules.
Table 1-2 describes the combined-ACL applications.
Table 1-2 Combined
application of ACLs
|
Combination mode
|
Form of acl-rule
|
|
Apply all sub-rules in an IP type ACL
(either a basic or an advanced ACL) separately
|
ip-group acl-number
|
|
Apply one sub-rule in an IP type ACL
separately
|
ip-group acl-number rule rule-id
|
|
Apply all sub-rules in a Layer 2 ACL
separately
|
link-group acl-number
|
|
Apply one sub-rule in a Layer 2 ACL
separately
|
link-group acl-number rule rule-id
|
|
Apply one sub-rule in a user-defined ACL
separately
|
user-group acl-number
|
|
Apply all sub-rules in a user-defined ACL
separately
|
user-group acl-number rule rule-id
|
|
Apply one sub-rule in an IP type ACL and
one sub-rule in a Layer 2 ACL simultaneously
|
ip-group acl-number rule rule-id
link-group acl-number rule rule-id
|
ip-group acl-number: Sequence number of a basic or advanced ACL, in the range 2000 to
3999.
link-group acl-numberr: Sequence number of a Layer
2 ACL, in the range 4000 to 4999.
user-group acl-number: Sequence number of a user-defined
ACL, in the range 5000 to 5999.
rule rule-id: Sequence number of an ACL sub-rule, in the range 0 to 65534. If
this argument is not specified, all sub-rules in the specified ACL will be
applied.
monitor-interface: Specifies to mirror traffics to the destination port.
cpu: Specifies
to mirror the data traffics to the CPU.
Description
Use the mirrored-to command to invoke
ACLs for identifying traffics and perform traffic mirroring for the packets
matching the ACLs.
Use the undo mirrored-to command to
remove traffic mirroring configuration.
This command applies to matching the sub-rules
whose actions are permit in the specified ACL.
LACP and STP must be disabled on the
destination port. Traffic mirroring does not support aggregated synchronization
and configuration copy.
Mirroring configuration takes effect only
after a source port and a destination port are specified.
Related command: display qos-interface
mirrored-to, monitor-port
Example
# Mirror packets that match ACL 2000 on
port GigabitEthernet1/1/1 to GigabitEthernet1/1/4 through traffic mirroring.
<H3C>
system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface GigabitEthernet1/1/4
[H3C-GigabitEthernet1/1/4] monitor-port
[H3C-GigabitEthernet1/1/4] quit
[H3C] interface GigabitEthernet1/1/1
[H3C-GigabitEthernet1/1/1] mirrored-to
inbound ip-group 2000 monitor-interface
Syntax
mirroring-port { inbound | outbound | both }
undo mirroring-port
View
Ethernet port view
Parameter
inbound | outbound
| both: Direction of mirrored packets. inbound means only to mirror
the packets received by the port; outbound means only to mirror
the packets sent by the port; both means to mirror all packets received
and sent by the port.
Description
Use the mirroring-port command to
configure the source port.
Use the undo mirroring-port command
to remove the configuration of the source port.
Related command: display mirror
Example
# Configure GigabitEthernet1/1/1 as the
source port and mirror all packets received and sent by this port.
<H3C>
system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface GigabitEthernet1/1/1
[H3C-GigabitEthernet1/1/1] mirroring-port
both
Syntax
monitor-port
undo monitor-port
View
Ethernet port view
Parameter
None
Description
Use the monitor-port command to
configure the destination port.
Use the undo monitor-port command to
remove the configuration of the destination port.
You can only configure one destination port
on a switch, and all mirrored packets will be sent to the destination port.
Related command: display mirror
Example
# Configure GigabitEthernet1/1/4 as the
destination port.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface GigabitEthernet1/1/4
[H3C-GigabitEthernet1/1/4]
monitor-port
